General
-
Target
2025-04-23_a0927dc09a4237bbe1b5a5cf460ee1ea_black-basta_elex_floxif_luca-stealer
-
Size
1.8MB
-
Sample
250423-xdtveswwdz
-
MD5
a0927dc09a4237bbe1b5a5cf460ee1ea
-
SHA1
058be67f3ed03607001d6b80459fd369d1d841b9
-
SHA256
47ffb057f4cdaae214d3f32e06898f4a990c7427b5023a789a5434c07cf9dfa1
-
SHA512
761e97a9033605ea3532a3be9d515ca84a3cd5b3641b261324d18c03a100d23ec06e6888ab77bdb492ee9600f29f850f21cff4f3e0ebb63592976ca567f3f3d7
-
SSDEEP
49152:c6/yN8Ec2fWnaZxldRhG4xSxwr/XysyGXCLZoOkcX:+vfIMxlh7pXhFMZjX
Malware Config
Targets
-
-
Target
2025-04-23_a0927dc09a4237bbe1b5a5cf460ee1ea_black-basta_elex_floxif_luca-stealer
-
Size
1.8MB
-
MD5
a0927dc09a4237bbe1b5a5cf460ee1ea
-
SHA1
058be67f3ed03607001d6b80459fd369d1d841b9
-
SHA256
47ffb057f4cdaae214d3f32e06898f4a990c7427b5023a789a5434c07cf9dfa1
-
SHA512
761e97a9033605ea3532a3be9d515ca84a3cd5b3641b261324d18c03a100d23ec06e6888ab77bdb492ee9600f29f850f21cff4f3e0ebb63592976ca567f3f3d7
-
SSDEEP
49152:c6/yN8Ec2fWnaZxldRhG4xSxwr/XysyGXCLZoOkcX:+vfIMxlh7pXhFMZjX
Score10/10-
Floxif family
-
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
-
Detects Floxif payload
-
Event Triggered Execution: AppInit DLLs
Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by AppInit DLLs loaded into processes.
-
ACProtect 1.3x - 1.4x DLL software
Detects file using ACProtect software.
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-